Hi,

I wanted to understand how the group policy under

"AdministrativeTemplate\WindowsComponents\RemoteDeskTopServices\RemoteDesktopSessionHost\Security"

and the restry entry under  “HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services” is related.

For example

"Always prompts  for  password upon connection"  is set toEnable , in the group policy editor dialog ,.Now from the code set thefPromptForPassword to 0 in the registry . But still the prompt for password is active .

If the system is restarted it seems the system is taking the registry value 0 . Checking the group policy shows "Always prompts  for  password upon connection"  asEnable.

I wanted to understand how the group policy and the registry key related?

From where the system applying the policy ,  from registry or from some where?

Is it right approach to update the registry to change the policy at runtime ?

regards

Somaraj

Hi

Is there any relation between enabling NLA and SecurityLayer and EncryptionLevel.

Is it required that if NLA is enable then Security Layer should be SSL(TLS)  and  MinEncryptionLevel = High or Client Compatible

Regards

Somaraj

Folks,

Just noticed this becoming an issue on a Windows 2012 R2 Terminal Server after the last round of Patch Tuesday updates stemming from August 9th, 2016.

Typically, I'm rebooting the server every 24 hours to over-correct the issue - rebooting not being the best option here.  

In previous discussions, it's advised to remove KB3002657 or KB3035132 from the server.  Is this still the best option to restore full functionality even with the last round of patches and updates? Just to confirm, we are not using webroot as an AV solution. 

I'm displaying the console of various remote hosts using Remote Desktop on my 2560x1600 display, and they come out very small. I would like to enlarge the RDP windows and have the remote displays' pixels increased in size accordingly. Is this possible?

I initially thought RDP smart sizing would take care of this but it seems this feature only supports making pixels smaller (scaling down, not up).

Note that I want any configuration changes to be done to my local machine only. Changing text size, DPI, or any other desktop related setting on remote hosts is undesired as they are correctly setup when used in other contexts.

Thanks
Mike

Hello,

I have a small, newly set up network consisting of three Windows 10 Build 1607 desktops, all up to date, a 2016 Essentials server and a Windows 10 Build 1607 laptop and desktop on the other end of a OpenVPN tunnel. The remote laptop and desktop are successfully joined to the domain and mapping drives no problem. I've been pushing GPOs out to all the machines and everything seems to work, up to the point where I enabled remote desktop and began to test with it. The OpenVPN tunnel should not be an issue, as the remote desktop session to the Server 2016 Essentials machine from the remote machine is rock solid stable, even when the network is under heavy use. My problem lies with making and maintaining remote desktop sessions to each of the three Windows 10 machines in the office from the remote Windows 10 machines. All three office machines exhibit the same issue.

Here is a scenario:

You are already pinging the remote machine you want to control with RDP, and you are getting responses back as expected. You can make a connection just fine, but whether using the session or leaving it idle, you can watch the pings going to the machine randomly drop as if the NIC on the remote machine has been reset. The RDP session is interrupted, then a few seconds later reconnected. It has done this thousands of times during my troubleshooting session on all three office machines. You can see that the session is not being starved for bandwidth. The first event in the RDPCoreTS logs that happens right at the time of the connection drop is almost always a slew "TCP socket WRITE operation failed, error 64." and "TCP socket READ operation failed, error 64" followed by "The server has terminated main RDP connection with the client." Then another error-level event comes up: "'Failed CreateVirtualChannel call on this Connections Stack' in CUMRDPConnection::CreateVirtualChannel at 2349 err=[0x80004005]" followed by number disconnect events, and then: "Disconnect trace:CUMRDPConnection Disconnect trace:'calling spGfxPlugin->PreDisconnect()' in CUMRDPConnection::PreDisconnect at 4477 err=[0x0], Error code:0x0." The last event you see in this grouping is: "The disconnect reason is 14." Upon automatically reconnecting, you see: "The network characteristics detection function has been disabled because of Reason Code: 2(Server Configuration).." Then the connection is restored, only to drop in anything from a few seconds up to a few minutes later.

So, in recap (TL:DR):

RDP from the remote machines to the 2016 Essentials Server through the VPN tunnel:Rock Solid Stable
RDP from the remote machines to the office machines through the VPN tunnel: Constant drops and numerous logged events.
RDP from 2016 Essentials Server to office machines on LAN only: Rock Solid Stable
RDP from the office machines to the remote machines through the VPN tunnel: Constant drops and numerous logged events.
ALL network traffic ceases to and from the host machine when the drop happens, including ICMP traffic (pings).
ALL of the Windows 10 machines can ping each other without issue and without any drops when not using RDP.

What this tells me is that the issue lies in some configuration issue either with a GPO setting or something inbuilt wrong with all of the Windows 10 1607 machines I have.

I have tried a variety of fixes, and have probably put 20 hours into researching a solution to this problem so I am prepared for this to be difficult to fix. My google powers have failed me.

Okay here goes what I have tried:

Disabling firewall on both ends of the connection: no change.
Removing DHCP reservations: no change.
Adding every scope I could think of to the routing/firewall rules: no change.
Trying to move RSA crypto keys as suggested in another post: no change.
Changing the physical NIC in the office machines to a add-in PCI-e one: no change.
Re-installing all suspect machines: no change.

GPO settings I have tried both ON and OFF:
-Allow users to connect remotely by using Remote Desktop Services: Enabled
-Configure compression for RemoteFX data: Optimized to use less network bandwidth (tried balanced too)
-Require use of specific security layer for remote (RDP) connections: Enabled, SSL
-Require user authentication for remote connections by using Network Level Authentication: Enabled
-Set time limit for disconnected sessions: Enabled, Never
-Set time limit for active but idle Remote Desktop Services sessions: Enabled, Never
-Set time limit for active Remote Desktop Services sessions: Enabled, Never
-Windows Firewall: Allow inbound file and printer sharing exception: Enabled
-Windows Firewall: Allow ICMP exceptions: Enabled, Allow inbound echo request
-Windows Firewall: Allow inbound Remote Desktop exceptions: Enabled, 10.0.20.0/24,10.0.25.0/24

I have also generated a Wireshark packet capture from both ends of the connection during the RDP drop, but I don't want to share them publicly. I will share them with you privately if asked, though. I am not a professional packet inspector, so I couldn't gleam much from it. I can also provide a dump of the event log on the main PC I have been troubleshooting, if needed.

Any insight or suggestions you can give me would be very much appreciated. This issue is has really been trying my patience.

Thank you! 

Did a small search online but couldn't quite find something related.

Our current setup is as follows.

• TS1 - Server 2012 R2 - Remote Desktop Services [Web Access, Connection Broker, Session Host, RemoteApps published], has a TS1 Session Collection
  
• TS2 - Server 2012 R2 - Remote Desktop Services [Session Host, RemoteApps published], has a TS2 Session Collection
  
• RDWeb Feed published through Group Policy to End User Machines

TS1 and TS2 work great for end users on their own devices. RemoteApps appear in Start Menu under Work Resources, they can access RemoteApps on either TS servers.

TS1 is also a Remote Desktop server (or Terminal Server), for the full desktop experience, for some remote workers.

How do I get RemoteApps from TS2 available from TS1?

I know I could publish the RDWeb Feed to TS1, but wouldn't that cause all of TS1 RemoteApps to appear in Start Menu? Possibly confusing users as to which app to run?

I also know I could manually find and copy or link the RDP files to user's desktop, which is not as clean as the feed feature.

Thanks team!

Hi All,

I am having a windows server 2012 standard r2 installed on a Dedicated machine.For few days when i try to login via RDP it shows successful login and goes to "Waiting for Local session Manager"

then suddenly throws me out.

Waiting for your help.

Hello,

We have several Windows Server 2012 R2 VMs hosting a software to convert MS Office files into PDF.

MS Office 2016 is installed on these servers. This application is not intended to be used by interactive users, and no one is supposed to log into the servers, except for maintenance purposes.

The main issue we are facing is in the interaction between the software and Office 2016.

The behavior changes depending on the DCOM configuration of Office applications (Excel, Word, etc.):

- If the Identity is set to "This user" or "The launching user", the software interacts with Office all the time, but the conversion is not satisfying, because all embedded objects are missing. When we start Excel for application, we see the message "Cannot use object linking and embedding". And this explains why some objects are not being converted.

- If the Identity is set to "The interactive user", and an interactive user is logged into the machine, the conversion works properly. But as soon as the user closes the RDP session, we start seeing the following error:

[Err.Number]=-2147467238, [Err.Description]=Automation error
The server process could not be started because the configured identity is incorrect. Check the username and password.

Our analysis is that the application is using the interactive user session when that user is logged in to interact with MS Office, but then when the user disconnects, the interaction with Office is not happening.

Is there a clean solution to resolve this issue? Is there a way to keep the session of an interactive user alive, even after closing the RDP window (without logging off)?

This issue did not exist on Windows Server 2008 R2 with MS Office 2010, and it is very penalizing to us.

Your help is very much appreciated.

Thanks!

I'm running a 2012R2 RDS environment. I launch an application and leave it running on my desktop. I login to my laptop and launch the same application (paint).  The application is transferred to the laptop with the content added while on my desktop. The application is closed on the desktop with an error displayed.  How can I prevent this from occurring if needed?

Hi Team,

We have Our Windows 2012 R2 Standard Hosted at Oracle Cloud environment. Now we got licenses for Remote Desktop Access CA Licenses, Can we install these licenses with Windows 2012 R2 Standard server hosted at Oracle Cloud environment. 

Regards,

Ashokan.M

Similar registry entries are found under the below two registry path .

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

For example  ,both keys have   UserAuthentication, SecurityLayer ,fPromptForPassword

Why is it so ?

regards

Somaraj

Good day,

I wish to clarify these info before I purchase the Terminal CAL licenses. I have 2 unit 2012 servers and 2 unit 2008 R2 servers. The licensing server is in 2008 R2.I have enable RDP in all 4 servers.

Can I activate the new 2012 CAL license in Windows 2008 R2 and set the 2 Windows 2012 RDP license pointing to Windows 2008 R2?

Or do i need to setup a Windows 2012 RDP licensing center?

Sorry for the trouble and thank you for the help.

Regards,

Gary

I have discovered a possible bug with Multipoint 2016 and the VirtualIP feature (i.e. "Assign a unique IP to each station"). When the VirtualIP feature is turned on with Multipoint 2016, almost every time I log out of Windows (USB or direct-connect) my network goes offline as well so that all stations stop working. I sometimes see a yellow exclamation mark on the network icon in the taskbar, while sometimes it shows a red x. A screen on the direct-connect station says "The connection has been lost. Attempting to reconnect to your station... The network is not available. The connection will be reinstalled when the network is available." After a couple of minutes the stations come back to life but then most often a yellow exclamation mark appears on the network card icon with the tooltip of "No Internet Access." When this happens, Internet and other network resources no longer work and my LAN stations no longer connect. Pinging the computer from the outside doesn't respond, but the USB and Direct-Connect stations can at least log in.

When this happens my IP is 169.254.45.3. When I ran IPConfig /renew in an elevated command prompt I get the message: "The operation failed as no adapter is in the state permissible for this operation." I updated my network card drivers but that didn't help. I set my IP to static but that didn't help. When I go to the properties of the network card I sometimes get "an unexpected error occurred" but then my second try it lets me in.

Rebooting solves the issue but ironically disabling my network card also solves the issue. When I disable my card, it freezes all of my stations but then after a couple of minutes everything comes back to life and the network card is enabled and functioning again. I assume it's the MultiPoint Repair service that is recovering my network card for me.

Disconnecting doesn't cause the issue. Logging out does. Is anyone else having this issue? Is there a solution other than turning off VirtualIP? I am pretty sure it's the VirtualIP with the issue, since when I turned if off during my troubleshooting I was able to log off without issues and when I turned it back on the issue came back immediately.

-----------------------------

Event Logs:

Event ID: 102
Source: Microsoft-Windows-TerminalServices-TSAppSrv-TSVIP/Admin
Details:
An error occurred when the computer tried to start Remote Desktop IP Virtualization: 0x800701E7.

EventID: 10016
Source: DistributedCOM
Details:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Hi,

I am migrating from Citrix XenApp to Windows 2012 R2 RDS RemoteApp. The application is OpenText Exceed On Demand. I see that application graphical quality is worse on RemoteApp than on Citrix XenApp. Is this application and RDP compatibility issue or matter of parameters that could affect graphical quality? Bandwidth is not the issues here.

Hi All,

I have setup a RDG server and its working wonderfully well.

I am able to connect to the RDG through RDP client.

I have applied a GPO for the following already as below

now my problem is, when ever users try to connect through RDP client, the setting  "automatically detect RD gateway server setting" is checked and they are connecting without using RDG gateway

But i want "use these RD gateway server settings" checked, so users can directly use RDG with out manually changing the check box every time

Also users are able to RDP directly to the server, is there a to block direct RDP and only allow Remote gateway server

Thanks in advance

All of a sudden my Windows 7 x64 computer is unable to connect to random Windows 2008 R2 servers via Remote Desktop.

I can connect to the same servers from other Windows 7 machines.

The only fix I've come across so far is this, except that key doesn't exist on either my machine or on the server(s):

To resolve this issue, follow these steps:

1. Start Registry Editor.
2. Locate and then click the following registry subkey:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TermService\Parameters
3. Under this registry subkey, delete the following values:
   • Certificate
   • X509 Certificate
   • X509 Certificate ID
4. Quit Registry Editor, and then restart the server.

Does anyone have any suggestions please as I'm at a total loss what is happening here.

Thanks.

Hello,

I've been having a recurring issue with a remote app. It involves a dialog box and a number of frustrating hours trying to solve the problem. Which brings me here. The problem is as follows: 

The user is in their remote application and needs to either save a file or open a file. When the open/save dialog box appears the remote app is closed, there are no error messages so I can't say that it crashed.

If the same user is connected through rdp, executes the application in an rdp session, and tries to open/save something the dialog box appears and everyone is happy. 

This really is only limited to remote app and it occurs quite frequently though not every session. 

Any advice?

I have a few users in my terminal server environment whose Outlook task/calendar reminders do not popup and remind them.  They are not in cache mode and the reminder option is enabled.

I also ran the /cleanreminders  and /resetfolders switches to no avail.

Anyone else have any other suggestions so these users can get their reminders back?

Hello, I have an Amazon Server 2012 instance running as a Remote Desktop Application server. No Active Directory. I installed RD licensing server and added the license. Licenses show activated but every other time I log into the server it gives me a no RDP licenses pop up error with the number of days until users can no longer logon. My Dashboard is all green, The RDP Termservices an RD License server is running. I've run the License Diagnoser tool and it's giving me an network error. Please see screen shots below. I need to rectify issue before lockout.